No matter how many levels of defense MSPs implement for their business clients, there is virtually no way to stop a carefully planned and executed attack − or prevent a lucky cybercriminal from breaking through your security measures. Email remains a moving target for hackers, and despite an almost endless array of combative tools available to augment data protection, reactive measures rarely impede their efforts. Traditional methods typically notify MSPs only after inflicting the damage.
Ransomware is the perfect example. While MSPs can provide scores of email security solutions for identifying suspicious and likely malware to their clients, there are no fool-proof ways to prevent those attacks from happening completely. Cybercriminals are relentless. With determination and sometimes a little luck, a determined hacker will find some way in the front door, usually with the help of an unsuspecting and poorly trained end-user.
With ransomware, there is literally no room for mistakes. MSPs see it all the time – a client’s employee opens an email and clicks on a link or an attachment, unleashing an attack that quickly proliferates through the entire company network, encrypting files, and locking down systems one by one. Of course, some forms of ransomware use a surveillance approach, lying undetected for a potentially long period of time while it watches and maps systems and data streams. Of course, the goal is to encrypt each file when the malware eventually activates.
Threats in Transition
The bad news for the businesses you support is that the experts predict ransomware attacks will only worsen. Attacks in 2021 may also come with some new twists. Some of the latest forms of malware can steal data or target certain organizations. The designer era of ransomware is here, and those advanced attacks are sure to complicate MSPs’ data protection plans.
Cybercriminals have a wealth of new tools at their disposal, providing attackers with additional ways to probe and harass businesses with formidable defenses. Most will just need to find a single vulnerability to ensure success. As an MSP managing multiple clients with an exponentially larger community of end-users, that can be a frightening prospect, especially with so many working from home during the pandemic.
Every new threat increases your exposure and potential headaches. Most clients will never understand these malicious applications' ever-expanding capabilities until they or someone close to them suffers an attack. When you combine end-users' relative naivety with the increasing threats, the potential outcomes can keep the most seasoned cybersecurity professionals awake at night.
Double-extortion ransomware is the perfect example. These attacks, where cybercriminals access and steal a large amount of sensitive data before encrypting the entire database, amplify the exposure and complicate MSPs' response options. Even if you can restore the data using a backup solution, that process won’t solve the problem. Cybercriminals can still threaten to publish the information unless the victim pays the ransom.
The Perpetrator Community is Thriving
Ransomware remains a highly profitable endeavor for cybercriminals. According to a new report from blockchain analysis firm Chainalysis, ransomware gangs scored big in 2020, taking in a record amount of cryptocurrency from victims − more than $350 million. That 311% increase should catch the attention of cybersecurity experts and their clients.
Between the lax attitudes of many end-users and the rising number of ransomware strains, cybercriminals have more incentives than ever to ramp up attacks in 2021. The shift to WFH and hybrid workforces makes their jobs easier while complicating the lives of their intended victims and the tech teams attempting to thwart those incidents.
Those factors are emboldening the purveyors of ransomware. Raising the number and types of attacks in the current business environment will surely pay great dividends, especially with more advanced tools that are tougher for cybersecurity experts to identify and neutralize. That community is thriving while their targets are most vulnerable. Whether attackers are being sponsored (or employed) by nation-states or sending ransomware to unsuspecting people from their parents’ basements, the rewards are significant.
The problem for MSPs is devising new ways to slow, if not stop, these attacks. Ensuring that your clients are not the “low hanging fruit” in the risk chain is essential today. Suppose you could enhance the protection layers for end-users and address common vulnerabilities with email security, awareness training, and effective anti-ransomware tools. In that case, there will be fewer opportunities for cybercriminals to work their black magic.
Know Thy Enemy
While your clients may never quiz you on ransomware's infinite details, it is useful to understand the various types of attacks, how they present, and the most effective prevention measures. It is extremely hard to build good defenses for the business community without a decent comprehension of the enemies you are facing (as well as their tools).
Do you truly know what you and your clients need to fear? There are many forms of ransomware that MSPs should be tracking today. Here are five frightening examples (there will certainly be more) that you may need to deal with in 2021:
- Jigsaw. Originally greeting victims with the face of the legendary horror movie character warning them to pay the ransom or face the consequences, the trademark character has gone away. The virus still slowly and systematically deletes files (including a handy countdown clock) until users pay the ransom. The deletion rate speeds up hourly, creating a sense of urgency for businesses and MSPs, and punishes those who restart their computer by removing a large number of files.
- Cerber. These applications leverage a ransomware-as-a-service (RaaS) model where cybercriminals can quickly buy, spread, and profit from the malware. Like a franchise, developers receive a cut of the ransom, and Cerber attacks typically come in many forms. Cybercriminals hide the ransomware in online software, install it on unsuspecting companies’ websites, and distribute it through traditional email messages.
- GoldenEye. Cybercriminals distribute this strain through massive social engineering campaigns that specifically target HR teams so they can access and infect critical business and personal data. Downloading an infected file will launch macros and encrypt files on the target’s computer, locking down some of the company’s most sensitive (and valued) information.
- Dharma. An evolution of Crysis ransomware-as-a-service, this malware has been discounted in the past year (as low as $2000), putting it in the hands of more cybercriminals. Cybercriminals typically deliver this strain as a Trojan in spam email messages and are heavily targeting medical offices and healthcare facilities.
- KeRanger. The first ransomware focusing on Macs uses an altered version of the Transmission file-sharing application that cybercriminals use to attack Windows devices. With similar capabilities, this strain also encrypts locally stored files and backups and requires users to pay in bitcoin to receive the decryption key.
A New Plan of Attack
Knowing the basics of ransomware will not stop the attacks. The reality is that businesses expect their MSP partners to understand the risks and implement strong defenses to deter cybercriminals. Do you have a firm grasp of the processes and tools needed to protect your clients?
Adequate backups are no longer good enough. Some of the latest ransomware strains can encrypt everything, steal copies of the information, and destroy recovery files. Those “scorched earth” attacks leave your clients with no other option than to pay the ransom, even if it only affects a single computer.
Neutralizing ransomware is your only recourse when it gets through other defenses. Stop these attacks before they can encrypt files and take down your clients’ businesses. Learn how CryptoStopper helps MSPs up their ransomware game to stop attacks before they begin. Contact our channel team today for more details.